qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC v2 1/1] memory: Delete assertion in memory_region_unregister_io

From: Eugenio Perez Martin
Subject: Re: [RFC v2 1/1] memory: Delete assertion in memory_region_unregister_iommu_notifier
Date: Tue, 11 Aug 2020 19:10:09 +0200 
On Tue, Aug 11, 2020 at 7:01 PM Eugenio Perez Martin
<eperezma@redhat.com> wrote:
>
> On Fri, Jun 26, 2020 at 11:29 PM Peter Xu <peterx@redhat.com> wrote:
> >
> > Hi, Eugenio,
> >
> > (CCing Eric, Yan and Michael too)
> >
> > On Fri, Jun 26, 2020 at 08:41:22AM +0200, Eugenio Pérez wrote:
> > > diff --git a/memory.c b/memory.c
> > > index 2f15a4b250..7f789710d2 100644
> > > --- a/memory.c
> > > +++ b/memory.c
> > > @@ -1915,8 +1915,6 @@ void memory_region_notify_one(IOMMUNotifier 
> > > *notifier,
> > >          return;
> > >      }
> > >
> > > -    assert(entry->iova >= notifier->start && entry_end <= notifier->end);
> >
> > I can understand removing the assertion should solve the issue, however imho
> > the major issue is not about this single assertion but the whole addr_mask
> > issue behind with virtio...
> >
> > For normal IOTLB invalidations, we were trying our best to always make
> > IOMMUTLBEntry contain a valid addr_mask to be 2**N-1.  E.g., that's what 
> > we're
> > doing with the loop in vtd_address_space_unmap().
> >
> > But this is not the first time that we may want to break this assumption for
> > virtio so that we make the IOTLB a tuple of (start, len), then that len can 
> > be
> > not a address mask any more.  That seems to be more efficient for things 
> > like
> > vhost because iotlbs there are not page based, so it'll be inefficient if we
> > always guarantee the addr_mask because it'll be quite a lot more roundtrips 
> > of
> > the same range of invalidation.  Here we've encountered another issue of
> > triggering the assertion with virtio-net, but only with the old RHEL7 guest.
> >
> > I'm thinking whether we can make the IOTLB invalidation configurable by
> > specifying whether the backend of the notifier can handle arbitary address
> > range in some way.  So we still have the guaranteed addr_masks by default
> > (since I still don't think totally break the addr_mask restriction is 
> > wise...),
> > however we can allow the special backends to take adavantage of using 
> > arbitary
> > (start, len) ranges for reasons like performance.
> >
> > To do that, a quick idea is to introduce a flag 
> > IOMMU_NOTIFIER_ARBITRARY_MASK
> > to IOMMUNotifierFlag, to declare that the iommu notifier (and its backend) 
> > can
> > take arbitrary address mask, then it can be any value and finally becomes a
> > length rather than an addr_mask.  Then for every iommu notify() we can 
> > directly
> > deliver whatever we've got from the upper layer to this notifier.  With the 
> > new
> > flag, vhost can do iommu_notifier_init() with UNMAP|ARBITRARY_MASK so it
> > declares this capability.  Then no matter for device iotlb or normal iotlb, 
> > we
> > skip the complicated procedure to split a big range into small ranges that 
> > are
> > with strict addr_mask, but directly deliver the message to the iommu 
> > notifier.
> > E.g., we can skip the loop in vtd_address_space_unmap() if the notifier is 
> > with
> > ARBITRARY flag set.
> >
> > Then, the assert() is not accurate either, and may become something like:
> >
> > diff --git a/memory.c b/memory.c
> > index 2f15a4b250..99d0492509 100644
> > --- a/memory.c
> > +++ b/memory.c
> > @@ -1906,6 +1906,7 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
> >  {
> >      IOMMUNotifierFlag request_flags;
> >      hwaddr entry_end = entry->iova + entry->addr_mask;
> > +    IOMMUTLBEntry tmp = *entry;
> >
> >      /*
> >       * Skip the notification if the notification does not overlap
> > @@ -1915,7 +1916,13 @@ void memory_region_notify_one(IOMMUNotifier 
> > *notifier,
> >          return;
> >      }
> >
> > -    assert(entry->iova >= notifier->start && entry_end <= notifier->end);
> > +    if (notifier->notifier_flags & IOMMU_NOTIFIER_ARBITRARY_MASK) {
> > +        tmp.iova = MAX(tmp.iova, notifier->start);
>
> Hi!
>
> If I modify the tmp.iova, the guest will complain (in dmesg):
> [  154.426828] DMAR: DRHD: handling fault status reg 2
> [  154.427700] DMAR: [DMA Read] Request device [01:00.0] fault addr
> ffff90d53fada000 [fault reason 04] Access beyond MGAW
>
> And will not forward packets anymore on that interface. Guests are
> totally ok if I only modify addr_mask.
>
> Still investigating the issue.
>
> Thanks!
>

Sorry it seems that I lost the nitpick Yan pointed out :).

Sending RFC v3.

>
> > +        tmp.addr_mask = MIN(tmp.addr_mask, notifier->end);
> > +        assert(tmp.iova <= tmp.addr_mask);
> > +    } else {
> > +        assert(entry->iova >= notifier->start && entry_end <= 
> > notifier->end);
> > +    }
> >
> >      if (entry->perm & IOMMU_RW) {
> >          request_flags = IOMMU_NOTIFIER_MAP;
> > @@ -1924,7 +1931,7 @@ void memory_region_notify_one(IOMMUNotifier *notifier,
> >      }
> >
> >      if (notifier->notifier_flags & request_flags) {
> > -        notifier->notify(notifier, entry);
> > +        notifier->notify(notifier, &tmp);
> >      }
> >  }
> >
> > Then we can keep the assert() for e.g. vfio, however vhost can skip it and 
> > even
> > get some further performance boosts..  Does that make sense?
> >
> > Thanks,
> >
> > --
> > Peter Xu
> >
reply via email to
[Prev in Thread] Current Thread [Next in Thread]